CVE-2024-22026

MEDIUM

EPMM <12.1.0.0 - Privilege Escalation

Title source: llm

Description

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

Exploits (1)

nomisec WORKING POC 15 stars

by securekomodo · poc

https://github.com/securekomodo/CVE-2024-22026

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US

Scores

CVSS v3 6.7

EPSS 0.0016

EPSS Percentile 36.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

ivanti/endpoint_manager_mobile < 12.1.0.0

Published May 22, 2024

Tracked Since Feb 18, 2026